rogue_one 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -3
- data/lib/rogue_one/detector.rb +1 -5
- data/lib/rogue_one/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 86c74a7df8a4bcd245b6f298b96a70b249e173dcb75b0813beb14b128739e11e
|
|
4
|
+
data.tar.gz: 8e164de064b6f087d2574ae02fa1ed7ad885da285531c00f2d488ce1f41a08b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c12b466c5fc8b96ab64bd77c2ed8309fbc6497c5d8c831d31e2b850b592446f5eefe68eb5011cf216dc9703bfafde2ff1a2f1c202943dde86b802db47beb1ffc
|
|
7
|
+
data.tar.gz: b805443996b4a28c1e6108fcaa1e45f1ea085db24db2428ae9c0a723f1c9017c61508e6d29151e6ae83186242c170546b5f914b6079aa6ee661b483527d8c9d4
|
data/README.md
CHANGED
|
@@ -19,23 +19,32 @@ Commands:
|
|
|
19
19
|
|
|
20
20
|
$ rogue_one report 1.1.1.1
|
|
21
21
|
{
|
|
22
|
-
"verdict": "
|
|
22
|
+
"verdict": "benign one",
|
|
23
23
|
"landing_pages": [
|
|
24
24
|
|
|
25
25
|
]
|
|
26
26
|
}
|
|
27
27
|
|
|
28
|
-
$ rogue_one
|
|
28
|
+
$ rogue_one report 1.53.252.215
|
|
29
29
|
{
|
|
30
30
|
"verdict": "rogue one",
|
|
31
31
|
"landing_pages": [
|
|
32
|
-
"1.171.170.228",
|
|
33
32
|
"1.171.168.19",
|
|
33
|
+
"1.171.170.228",
|
|
34
34
|
"61.230.102.66"
|
|
35
35
|
]
|
|
36
36
|
}
|
|
37
37
|
```
|
|
38
38
|
|
|
39
|
+
| Key | Desc. |
|
|
40
|
+
|---------------|--------------------------------------------------|
|
|
41
|
+
| verdict | A detection result (`rogue one` or `benign one`) |
|
|
42
|
+
| landing_pages | An array of IP of landing pages |
|
|
43
|
+
|
|
44
|
+
## Notes
|
|
45
|
+
|
|
46
|
+
- This is just a PoC tool. I cannot guarantee the results with high confidence at the moment.
|
|
47
|
+
|
|
39
48
|
## License
|
|
40
49
|
|
|
41
50
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/lib/rogue_one/detector.rb
CHANGED
|
@@ -11,7 +11,6 @@ module RogueOne
|
|
|
11
11
|
def initialize(target:)
|
|
12
12
|
@target = target
|
|
13
13
|
@memo = Hash.new(0)
|
|
14
|
-
@mismatched_domains = []
|
|
15
14
|
end
|
|
16
15
|
|
|
17
16
|
def report
|
|
@@ -30,12 +29,10 @@ module RogueOne
|
|
|
30
29
|
end
|
|
31
30
|
|
|
32
31
|
def rogue_one?
|
|
33
|
-
|
|
32
|
+
!landing_pages.empty?
|
|
34
33
|
end
|
|
35
34
|
|
|
36
35
|
def landing_pages
|
|
37
|
-
return [] unless rogue_one?
|
|
38
|
-
|
|
39
36
|
@memo.map do |ip, count|
|
|
40
37
|
count > 10 ? ip : nil
|
|
41
38
|
end.compact
|
|
@@ -47,7 +44,6 @@ module RogueOne
|
|
|
47
44
|
target_result = target_resolver.dig(domain, "A")
|
|
48
45
|
|
|
49
46
|
if normal_result != target_result
|
|
50
|
-
@mismatched_domains << domain
|
|
51
47
|
@memo[target_result] += 1 if target_result
|
|
52
48
|
end
|
|
53
49
|
end
|
data/lib/rogue_one/version.rb
CHANGED